Hackers supported by the government of China reportedly were behind a decadelong cyberespionage campaign that targeted other governments, companies and journalists in Southeast Asia, India and other countries, U.S. cybersecurity company FireEye said in a report released Sunday. The attacks were designed to gather intelligence from classified government networks about political and military issues, such as disputes over the South China Sea.
The Chinese government’s territorial claims in the contested South China Sea overlap with the claims of Malaysia, Vietnam, Brunei, Taiwan and the Philippines. A dramatic expansion of China’s artificial islands in disputed areas of the South China Sea, shown in recently released satellite images, has increased concerns about Beijing’s ambitions, the Wall Street Journal reported. Moreover, FireEye’s report points to the duration and geographic focus of the hacking as evidence of a deliberate effort to gain the upper hand in territorial disputes.
China’s Ministry of National Defense referred the Journal to its previous public remarks about hacking accusations. It has dismissed the claims as groundless and instead cited disclosures by former U.S. intelligence contractor Edward Snowden as proof the U.S. government is a major offender.
Some of the cyberattacks took the form of specially crafted emails, written in recipients’ native languages, the report said. But documents attached to the emails, which appear legitimate, actually contained malware. Other cyberattacks had penetrated secure networks, purposely cut off from the Internet, by tricking system administrators into downloading malware on their home computers. The malware was then loaded on the administrators’ portable drives, such as USB sticks, that were later plugged into the secure networks, infecting them, FireEye said.
The teams of hackers work in shifts and have developed the malware in a consistent way, suggesting a high level of organization. “Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state sponsored, most likely by the Chinese government,” FireEye said in the report.
FireEye said it believes the Chinese hackers “[have] been able to operate with the same tools and the same infrastructure for nearly a decade,” Bryce Boland, the company’s chief technical officer for Asia-Pacific, told the Journal. “That means the governments and the organizations they’re targeting have not been able to detect them. That is truly scary.”